Why the ‘cyber kill chain’ needs an upgrade

One of the most popular models for analyzing cyberattacks doesn’t focus enough on what to do after adversaries break into networks successfully, which they inevitable will do, Black Hat 2016 attendees were told this week in Las Vegas.

“Every attacker will become an insider if they are persistent enough,” says Sean Malone, a security consultant who spoke at the conference. “We need to operate under a presumption of breach.”